5 matches found
CVE-2020-15180
The CVE-2020-15180 issue is in MariaDB’s mysql-wsrep component, where lack of input sanitization in wsrep_sst_method enables command injection on Galera cluster nodes. Affected are MariaDB releases prior to 10.1.47, 10.2.34, 10.3.25, 10.4.15, and 10.5.6. The risk includes potential unauthorized c...
CVE-2017-15365
CVE-2017-15365 affects MariaDB up to 10.1.29 (and 10.2.x before 10.2.10) and Percona XtraDB Cluster before 5.6.37-26.21-3 / 5.7.x before 5.7.19-29.22-3. Description: remote authenticated SQL users can bypass access controls and replicate DDL statements to cluster nodes due to incorrect ordering o...
CVE-2016-6663
CVE-2016-6663 involves a race condition in MyISAM table repair (MySQL, MariaDB, Percona variants) that could let a local user with certain privileges gain elevated privileges via my_copystat during REPAIR TABLE. Affected products and versions include MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7....
CVE-2016-6664
CVE-2016-6664 affects Oracle MySQL, MariaDB, Percona Server and Percona XtraDB Cluster when using file-based logging. The flaw, rooted in the mysqld_safe/error log handling, could let a local user with access to the mysql account escalate to root via a symlink attack on error logs (and possibly o...
CVE-2020-10996
CVE-2020-10996 affects Percona XtraDB Cluster prior to 5.7.28-31.41.2. A bundled script sets a static transition_key for SST processes instead of the random key, indicating a potential security weakness in SST key handling. The documented remediation is to upgrade to Percona XtraDB Cluster 5.7.28...